Verifiable Secret Redistribution (CMU-CS-01-155)

We present a new protocol to perform non-interactive verifiable secret redistribution (VSR) for secrets distributed with Shamir’s secret sharing scheme. We base our VSR protocol on Desmedt and Jajodia’s redistribution protocol for linear secret sharing schemes, which we specialize for Shamir’s scheme. We extend their redistribution protocol with Feldman’s non-interactive verifiable secret sharing scheme to ensure that a SUBSHARES-VALID condition is true after redistribution. We show that the SUBSHARES-VALID condition is necessary but not sufficient to guarantee that the new shareholders have valid shares, and present an additional SHARES-VALID condition.

This research is sponsored by the Defense Advanced Research Projects Agency (DARPA), Advanced Technology Office, under the title “Organically Assured and Survivable Information Systems (OASIS)” (Air Force Cooperative Agreement no. F30602-002-0523). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing official policies, either expressed or implied, of DARPA or the U.S. Government.
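The following Python is an added worked example, not code from the technical report, that walks through the protocol the abstract describes: a Shamir (m, n) sharing with Feldman commitments, a Desmedt-Jajodia style redistribution to a new (m', n') access structure in which each old shareholder subshares its share, the SUBSHARES-VALID check (every subshare is consistent with the old shareholder's published commitments), and why that check alone is not enough. A corrupt old shareholder can subshare a wrong value with perfectly consistent commitments, so every subshare verifies yet the new shareholders end up with shares of the wrong secret. The SHARES-VALID check implemented here (compare the constant-term commitment of each subsharing polynomial with g^{s_i} derived from the original dealer's commitments) is one way to bind the subsharing to the real old share; the report's own formulation of SHARES-VALID may differ in detail. The group parameters p, q, g, the party identities and the secret are constructed for this example.

```python
"""Verifiable secret redistribution (VSR) of a Shamir secret, worked example.

Added illustration; not the report's own code.  Group parameters, party ids
and the secret are constructed.  The SHARES-VALID check below is one way to
enforce the condition named in the abstract; the report's exact formulation
may differ.
"""
import secrets

P = 2039   # constructed: safe prime, p = 2q + 1
Q = 1019   # prime order of the Feldman commitment group (shares live in Z_q)
G = 4      # generator of the order-q subgroup of Z_p^* (4 = 2^2 is a QR)


def eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... over Z_q."""
    return sum(c * pow(x, k, Q) for k, c in enumerate(coeffs)) % Q


def shamir_share(secret, m, n):
    """(m, n) Shamir sharing plus Feldman commitments C_k = g^{a_k} mod p."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(m - 1)]
    shares = {i: eval_poly(coeffs, i) for i in range(1, n + 1)}
    commits = [pow(G, c, P) for c in coeffs]
    return shares, commits


def commitment_at(commits, x):
    """g^{f(x)} computed from the commitments alone: prod_k C_k^{x^k} mod p."""
    val = 1
    for k, c in enumerate(commits):
        val = val * pow(c, pow(x, k, Q), P) % P
    return val


def feldman_verify(commits, x, share):
    """Feldman's check: g^{share} == prod_k C_k^{x^k} mod p."""
    return pow(G, share, P) == commitment_at(commits, x)


def lagrange_at_zero(xs):
    """Lagrange coefficients b_i with f(0) = sum_i b_i * f(i) over points xs."""
    coef = {}
    for i in xs:
        num = den = 1
        for l in xs:
            if l != i:
                num = num * l % Q
                den = den * (l - i) % Q
        coef[i] = num * pow(den, -1, Q) % Q
    return coef


def reconstruct(shares):
    b = lagrange_at_zero(list(shares))
    return sum(b[i] * s for i, s in shares.items()) % Q


def redistribute(old_shares, old_commits, m_new, n_new, cheater=None):
    """Redistribute an authorised set of m old shares to an (m_new, n_new)
    sharing.  Each old shareholder i subshares s_i with a fresh degree
    m_new-1 polynomial f_i and publishes Feldman commitments to f_i; new
    shareholder j sets s'_j = sum_i b_i * f_i(j), so s'_j = F(j) with
    F(0) = sum_i b_i * s_i.  If `cheater` names an old shareholder, it
    subshares s_i + 1 instead of s_i: its subshares still verify against its
    own commitments, so SUBSHARES-VALID holds while SHARES-VALID fails.
    Returns (new_shares, subshares_valid, shares_valid)."""
    b = lagrange_at_zero(list(old_shares))
    new_shares = {j: 0 for j in range(1, n_new + 1)}
    subshares_valid = True
    shares_valid = True
    for i, s_i in old_shares.items():
        value = (s_i + 1) % Q if i == cheater else s_i
        subs, sub_commits = shamir_share(value, m_new, n_new)
        for j in range(1, n_new + 1):
            # SUBSHARES-VALID: subshare s_ij consistent with i's commitments
            subshares_valid &= feldman_verify(sub_commits, j, subs[j])
            new_shares[j] = (new_shares[j] + b[i] * subs[j]) % Q
        # SHARES-VALID (our formulation): i's constant-term commitment
        # g^{f_i(0)} must equal g^{s_i} derived from the ORIGINAL commitments
        shares_valid &= sub_commits[0] == commitment_at(old_commits, i)
    return new_shares, subshares_valid, shares_valid


def demo(secret=987, cheater=None):
    """(3, 5) sharing -> (4, 7) sharing; returns the two verdicts and what an
    authorised set of new shareholders reconstructs."""
    shares, commits = shamir_share(secret, 3, 5)
    assert all(feldman_verify(commits, i, s) for i, s in shares.items())
    authorised = {i: shares[i] for i in (1, 3, 4)}   # any 3 of the 5
    new_shares, sub_ok, share_ok = redistribute(authorised, commits, 4, 7, cheater)
    recovered = reconstruct({j: new_shares[j] for j in (2, 5, 6, 7)})
    return sub_ok, share_ok, recovered


if __name__ == "__main__":
    print("honest :", demo())              # (True, True, 987)
    print("cheater:", demo(cheater=3))     # (True, False, <wrong secret>)
```

With an honest old shareholder set both verdicts are true and the new shareholders recover the secret; with old shareholder 3 cheating, every subshare still passes Feldman's check (SUBSHARES-VALID is true) but the SHARES-VALID check rejects and the reconstructed value is off by the cheater's Lagrange coefficient, which is exactly the gap the abstract points at.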

[1] Josh Benaloh et al. Secret sharing homomorphisms: keeping shares of a secret secret, 1987, CRYPTO.

[2] Moti Yung et al. Proactive RSA, 1997, CRYPTO.

[3] Torben P. Pedersen. Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing, 1991, CRYPTO.

[4] Adi Shamir et al. How to share a secret, 1979, CACM.

[5] G. R. Blakley. Safeguarding cryptographic keys, 1979, International Workshop on Managing Requirements Knowledge (MARK).

[6] Silvio Micali et al. Verifiable Secret Sharing as Secure Computation, 1994, EUROCRYPT.

[7] Yvo Desmedt et al. Some Recent Research Aspects of Threshold Cryptography, 1997, ISW.

[8] Alfredo De Santis et al. Fully Dynamic Secret Sharing Schemes, 1996, Theor. Comput. Sci.

[9] Pradeep K. Khosla et al. Selecting the Right Data Distribution Scheme for a Survivable Storage System (CMU-CS-01-120), 2001.

[10] Christian Cachin. On-Line Secret Sharing, 1995, IMACC.

[11] J. Massey et al. Threshold Schemes with Disenrollment, 1993, IEEE International Symposium on Information Theory.

[12] Hugo Krawczyk et al. Robust Threshold DSS Signatures, 1996, Inf. Comput.

[13] Paul Feldman et al. A practical scheme for non-interactive verifiable secret sharing, 1987, 28th Annual Symposium on Foundations of Computer Science (FOCS).

[14] Pradeep K. Khosla et al. Survivable Information Storage Systems, 2000, Computer.

[15] Rafail Ostrovsky et al. How To Withstand Mobile Virus Attacks, 1991, PODC.

[16] Silvio Micali et al. How to Prove all NP-Statements in Zero-Knowledge, and a Methodology of Cryptographic Protocol Design, 1986, CRYPTO.

[17] Tal Rabin et al. Robust sharing of secrets when the dealer is honest or cheating, 1994, JACM.

[18] Tal Rabin et al. Verifiable secret sharing and multiparty protocols with honest majority, 1989, STOC.

[19] Markus Jakobsson et al. Proactive public key and signature systems, 1997, CCS.

[20] Tal Rabin et al. A Simplified Approach to Threshold and Proactive RSA, 1998, CRYPTO.

[21] Fred B. Schneider et al. COCA: a secure distributed online certification authority, 2002.

[22] Moti Yung et al. Optimal-resilience proactive public-key cryptosystems, 1997, 38th Annual Symposium on Foundations of Computer Science (FOCS).

[23] Sushil Jajodia et al. Redistributing Secret Shares to New Access Structures and Its Applications, 1997.

[24] Baruch Awerbuch et al. Verifiable secret sharing and achieving simultaneity in the presence of faults, 1985, 26th Annual Symposium on Foundations of Computer Science (FOCS).

[25] Hugo Krawczyk et al. Proactive Secret Sharing Or: How to Cope With Perpetual Leakage, 1995, CRYPTO.